Gunra ransomware is a recently identified threat that has been observed targeting Windows endpoints across multiple industries worldwide, including manufacturing and energy sectors. Known for its encryption capabilities and exfiltration tactics, the ransomware follows a double-extortion model, encrypting victim data while simultaneously threatening to leak stolen information on its Tor-hosted leak site. Gunra’s malicious behavior […]

Security observability allows security teams to gain comprehensive visibility into the security posture of systems, applications, and networks by collecting and analyzing telemetry from various sources. These data sources, including logs, metrics, and traces, provide deep insights into diagnosing system issues and investigating security incidents. They also help to detect and respond to potential threats […]

Koske malware is a new, trending malware that Aqua Nautilus first identified in July 2025. It is believed to be an AI-generated malware designed for cryptocurrency mining operations on Linux endpoints. The structure and characteristics of its code suggest that it may have been developed using large language models (LLMs) or automation frameworks. Koske is […]

Network security focuses on ensuring the integrity, confidentiality, and availability of computer networks and data by preventing unauthorized access, misuse, or disruption. Continuous network monitoring provides visibility into network activity, enabling organizations to detect issues, optimize performance, and identify potential threats before they escalate into serious incidents. Wazuh is an open source SIEM/XDR platform that […]

Admin By Request (ABR) is a Privilege Access Management (PAM) tool designed for managing local administrator privileges. Granting permanent administrator rights can expose organizations to malware, privilege misuse, and compliance risks. Admin By Request addresses this by allowing users to request temporary, audited admin access when needed, eliminating the need for permanent local administrator rights. […]

Defense evasion techniques are methods that threat actors use to conceal their presence, bypass security mechanisms, and operate undetected on compromised systems. By evading detection, adversaries can maintain persistence and continue malicious activity even during active monitoring or security scans. Common defense evasion methods include disabling or uninstalling security tools, tampering with event logs, obfuscating […]

ServiceNow is a cloud-based platform for IT Service Management (ITSM) that helps organizations manage digital workflows for enterprise operations. It provides a centralized system for handling incidents, changes, and requests, enabling process automation, visibility across departments, and structured response procedures. Integrating ServiceNow with Wazuh combines Wazuh threat detection and response capabilities with ServiceNow incident management. […]

Measuring performance and operational efficiency of your XDR/SIEM ensures that it runs reliably, scales effectively, and delivers timely security insights. Monitoring metrics like resource usage, connection times, and log processing helps identify bottlenecks, optimize configurations, and prevent downtime. It also ensures that threat detection and intelligence coverage remain consistent, even under high workloads. The Wazuh […]

LodaRAT is a remote access trojan (RAT) known for stealing sensitive data, executing commands, and maintaining persistence on infected systems. Commonly spread via phishing and malicious documents, it now uses advanced tactics like process injection, encrypted C2, and data exfiltration through legitimate services. Recently, a new variant of LodaRAT emerged that can steal saved passwords […]

MariaDB is an open source database system that stores and manages structured data. It is often chosen for its reliability, speed, and compatibility with MySQL. Many websites, applications, and services use MariaDB to handle data securely and efficiently. Monitoring MariaDB provides real-time visibility into database activities, helping to detect suspicious behavior, prevent unauthorized access, and […]

Dependency-Track is an open source platform that helps organizations identify and mitigate risks in their software supply chain. It achieves this by analyzing Software Bill of Materials (SBOMs), which is a detailed inventory of all software components, libraries, and modules that comprise an application. Dependency-Track can be integrated into CI/CD pipelines to analyze SBOMs generated […]

Auto-color is a stealthy Linux backdoor used in cyberattacks targeting government institutions and universities across North America and Asia. Attributed to an unknown threat actor, Auto-color is specifically designed for persistence and evasion, allowing it to remain undetected on infected systems for extended periods. The malware disguises itself as a harmless color-enhancement utility to avoid […]